sha256: hide ring Digest. add const sha256.

Author: phlip9

Cargo.lock

@@ -79,6 +79,8 @@ serde_json = "1"
 # Core SGX types
 # NOTE: version must exactly match patched version
 sgx-isa = "=0.4.0"
+# Const SHA256 hash
+sha2-const = "0"
 # Easy error definition
 thiserror = "1"
 # Logging

common/Cargo.toml

@@ -6,7 +6,7 @@ use proptest_derive::Arbitrary;
 use serde::{Deserialize, Serialize};
 
 use crate::hex::{self, FromHex};
-use crate::hexstr_or_bytes;
+use crate::{ed25519, hexstr_or_bytes};
 
 /// Traits defining the various REST API interfaces.
 pub mod def;
@@ -39,6 +39,10 @@ impl UserPk {
         self.0
     }
 
+    pub const fn as_ed25519(&self) -> &ed25519::PublicKey {
+        ed25519::PublicKey::from_ref(&self.0)
+    }
+
     /// Used to quickly construct `UserPk`s for tests.
     pub fn from_i64(i: i64) -> Self {
         // Convert i64 to [u8; 8]

common/src/api/mod.rs

@@ -291,11 +291,11 @@ impl SgxQuoteVerifier {
             .context("Invalid QE identity")?;
 
         ensure!(
-            &qe3_reportdata[..32] == expected_reportdata.as_ref(),
+            &qe3_reportdata[..32] == expected_reportdata.as_slice(),
             "Quoting Enclave's Report data doesn't match the Quote attestation pk: \
              actual: '{}', expected: '{}'",
             hex::display(&qe3_reportdata[..32]),
-            hex::display(expected_reportdata.as_ref()),
+            expected_reportdata,
         );
 
         // 4. Verify the attestation key endorses the Quote Header and our

common/src/attest/verify.rs

@@ -41,8 +41,9 @@ use ring::signature::KeyPair as _;
 use thiserror::Error;
 use x509_parser::x509::SubjectPublicKeyInfo;
 
+use crate::hex::{self, FromHex};
 use crate::rng::Crng;
-use crate::{const_assert_usize_eq, const_ref_cast, hex};
+use crate::{const_assert_usize_eq, const_ref_cast};
 
 /// The standard PKCS OID for Ed25519
 #[rustfmt::skip]
@@ -260,15 +261,15 @@ impl PublicKey {
         .map_err(|_| Error::InvalidSignature)
     }
 
-    pub fn as_slice(&self) -> &[u8] {
+    pub const fn as_slice(&self) -> &[u8] {
         self.0.as_slice()
     }
 
-    pub fn into_inner(self) -> [u8; 32] {
+    pub const fn into_inner(self) -> [u8; 32] {
         self.0
     }
 
-    pub fn as_inner(&self) -> &[u8; 32] {
+    pub const fn as_inner(&self) -> &[u8; 32] {
         &self.0
     }
 }
@@ -320,6 +321,12 @@ impl AsRef<[u8; 32]> for PublicKey {
     }
 }
 
+impl FromHex for PublicKey {
+    fn from_hex(s: &str) -> Result<Self, hex::DecodeError> {
+        <[u8; 32]>::from_hex(s).map(Self::new)
+    }
+}
+
 impl fmt::Display for PublicKey {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(f, "{}", hex::display(self.as_slice()))
@@ -345,15 +352,15 @@ impl Signature {
         const_ref_cast(sig)
     }
 
-    pub fn as_slice(&self) -> &[u8] {
+    pub const fn as_slice(&self) -> &[u8] {
         self.0.as_slice()
     }
 
-    pub fn into_inner(self) -> [u8; 64] {
+    pub const fn into_inner(self) -> [u8; 64] {
         self.0
     }
 
-    pub fn as_inner(&self) -> &[u8; 64] {
+    pub const fn as_inner(&self) -> &[u8; 64] {
         &self.0
     }
 }
@@ -379,6 +386,12 @@ impl TryFrom<&[u8]> for Signature {
     }
 }
 
+impl FromHex for Signature {
+    fn from_hex(s: &str) -> Result<Self, hex::DecodeError> {
+        <[u8; 64]>::from_hex(s).map(Self::new)
+    }
+}
+
 impl fmt::Display for Signature {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(f, "{}", hex::display(self.as_slice()))

common/src/ed25519.rs

@@ -236,15 +236,14 @@ mod test {
     use proptest::arbitrary::any;
     use proptest::collection::vec;
     use proptest::proptest;
-    use ring::digest::Digest;
 
     use super::*;
     use crate::sha256;
 
     // simple implementations of some crypto functions for equivalence testing
 
     // an inefficient impl of HMAC-SHA256 for equivalence testing
-    fn hmac_sha256(key: &[u8], msg: &[u8]) -> Digest {
+    fn hmac_sha256(key: &[u8], msg: &[u8]) -> sha256::Hash {
         let h_key = sha256::digest(key);
         let mut zero_pad_key = [0u8; 64];
 

common/src/root_seed.rs

@@ -1,36 +1,183 @@
 //! A convenience module for hasing things with SHA-256.
 
+use std::{fmt, io};
+
+use ref_cast::RefCast;
+
+use crate::hex::FromHex;
+use crate::{const_ref_cast, hex};
+
+pub const HASH_LEN: usize = 32;
+
+/// A SHA-256 Hash value.
+#[derive(Copy, Clone, Default, PartialEq, Eq, RefCast)]
+#[repr(transparent)]
+pub struct Hash([u8; 32]);
+
+/// A SHA-256 digest accumulator.
+#[derive(Clone)]
+pub struct Context(ring::digest::Context);
+
 /// SHA-256 digest a single input.
-pub fn digest(input: &[u8]) -> ring::digest::Digest {
+pub fn digest(input: &[u8]) -> Hash {
     digest_many(&[input])
 }
 
 /// SHA-256 digest several input slices concatenated together, without
 /// allocating.
-pub fn digest_many(inputs: &[&[u8]]) -> ring::digest::Digest {
-    let mut ctx = context();
+pub fn digest_many(inputs: &[&[u8]]) -> Hash {
+    let mut ctx = Context::new();
     for input in inputs {
         ctx.update(input);
     }
     ctx.finish()
 }
 
-/// Create a SHA-256 digest context for manually hashing e.g. large input files.
-pub fn context() -> ring::digest::Context {
-    ring::digest::Context::new(&ring::digest::SHA256)
+/// SHA-256 digest a single input at compile time.
+pub const fn digest_const(input: &[u8]) -> Hash {
+    digest_many_const(&[input])
+}
+
+/// SHA-256 digest a multiple concatenated inputs at compile time.
+pub const fn digest_many_const(mut inputs: &[&[u8]]) -> Hash {
+    let mut acc = sha2_const::Sha256::new();
+    while let Some((input, rest)) = inputs.split_first() {
+        acc = acc.update(input);
+        inputs = rest;
+    }
+    Hash::new(acc.finalize())
+}
+
+// -- impl Hash -- //
+
+impl Hash {
+    pub const fn new(value: [u8; 32]) -> Self {
+        Self(value)
+    }
+
+    pub const fn from_ref(value: &[u8; 32]) -> &Self {
+        const_ref_cast(value)
+    }
+
+    pub const fn as_slice(&self) -> &[u8] {
+        self.0.as_slice()
+    }
+
+    pub const fn as_inner(&self) -> &[u8; 32] {
+        &self.0
+    }
+
+    pub const fn into_inner(self) -> [u8; 32] {
+        self.0
+    }
+
+    // Note: not pub, since `ring::digest::Digest` is not always SHA-256, but
+    // we can guarantee this invariant inside the module.
+    fn from_ring(output: ring::digest::Digest) -> Self {
+        Self::new(<[u8; 32]>::try_from(output.as_ref()).unwrap())
+    }
+}
+
+impl AsRef<[u8]> for Hash {
+    fn as_ref(&self) -> &[u8] {
+        self.0.as_slice()
+    }
+}
+
+impl AsRef<[u8; 32]> for Hash {
+    fn as_ref(&self) -> &[u8; 32] {
+        &self.0
+    }
+}
+
+impl FromHex for Hash {
+    fn from_hex(s: &str) -> Result<Self, hex::DecodeError> {
+        <[u8; 32]>::from_hex(s).map(Self::new)
+    }
+}
+
+impl fmt::Display for Hash {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{}", hex::display(self.as_slice()))
+    }
+}
+
+impl fmt::Debug for Hash {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{}", self)
+    }
+}
+
+// -- impl Context -- //
+
+impl Context {
+    pub fn new() -> Self {
+        Self(ring::digest::Context::new(&ring::digest::SHA256))
+    }
+
+    pub fn update(&mut self, input: &[u8]) {
+        self.0.update(input);
+    }
+
+    pub fn finish(self) -> Hash {
+        Hash::from_ring(self.0.finish())
+    }
+}
+
+impl Default for Context {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl io::Write for Context {
+    fn write(&mut self, input: &[u8]) -> io::Result<usize> {
+        self.update(input);
+        Ok(input.len())
+    }
+
+    fn flush(&mut self) -> io::Result<()> {
+        Ok(())
+    }
 }
 
 #[cfg(test)]
 mod test {
-    use super::*;
-    use crate::hex;
+    use std::io::Write;
+
+    use proptest::arbitrary::any;
+    use proptest::proptest;
+
+    use crate::{hex, sha256};
 
     // sanity check
     #[test]
     fn test_sha256() {
-        let actual = hex::encode(digest(b"").as_ref());
+        let actual = hex::encode(sha256::digest(b"").as_ref());
         let expected =
             "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
         assert_eq!(&actual, expected);
     }
+
+    #[test]
+    fn test_digest_equiv() {
+        proptest!(|(inputs in any::<Vec<Vec<u8>>>())| {
+            let inputs_ref = inputs
+                .iter()
+                .map(|v| v.as_slice())
+                .collect::<Vec<_>>();
+
+            let h1 = sha256::digest_many(&inputs_ref);
+            let h2 = sha256::digest_many_const(&inputs_ref);
+
+            let mut ctxt = sha256::Context::new();
+            for input in inputs_ref {
+                ctxt.write_all(input).unwrap();
+            }
+            let h3 = ctxt.finish();
+
+            assert_eq!(h1, h2);
+            assert_eq!(h1, h3);
+        });
+    }
 }